XML External Entity Vulnerability in Lantronix Provisioning Manager
CVE-2025-7766

8.6 HIGH

Key Information:

Vendor

Lantronix

CVE Published:
22 July 2025

What is CVE-2025-7766?

The Lantronix Provisioning Manager is susceptible to XML external entity (XXE) attacks due to inadequate handling of configuration files from network devices. This vulnerability can potentially allow an attacker to execute unauthorized commands on systems running the Provisioning Manager, resulting in severe security risks. Organizations utilizing this product should implement immediate security measures to mitigate the threat and ensure network safety.

Affected Version(s)

Provisioning Manager 0 <= 7.10.2

CVSS V4

Score:
8.6
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Attack Requirements:
None
Privileges Required:
Undefined
User Interaction:
Unknown

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Robert McLellan reported this vulnerability to CISA.